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Remarks 

Claims 1-62 are pending. 

Response to Arguments 

1 . Applicant's arguments, see Page 17 of the Remarks, filed 9/6/2005, with respect 
to the rejection(s) of claim(s) 1, 34, 37, 50, 51, and 54 under 35 U.S.C. 102(e) have 
been fully considered and are persuasive. Therefore, the rejection has been withdrawn. 
However, upon further consideration, a new ground(s) of rejection is made with Sudia 
(U.S. Patent Application Publication 2002/0013898) in view of Zhang (Zhang etal., "A 
Rule-Based Framework for Role-Based Delegation", 5/2001, pp. 153-162), Brickell2 
(U.S. Patent 6,965,881), Control-FI (Control-FI, "Control-FI Launches CF1 Live 
'Branded, Hosted, Rented' eSupport Solution", 7/6/2000, pp. 1, obtained from 
http://web.archive.org/web/20001 1 21 025300/http://www.control- 
f1.com/news/pr_cf1livelaunch.html), and Onishi (U.S. Patent Application Publication 
2003/0149667). 

2. Applicant's arguments with regard to claims 16, 52, 53, and 58, however, are not 
persuasive. 

Applicant argues, with respect to claims 16 and 58, that Brickelll (U.S. Patent 
Application Publication 2002/0147917) does not disclose establishing a control 
relationship between the first user's authentication credential and a second user's 
authentication credential. Page 16, Paragraph 36 of Applicant's specification states 
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"Control relationships define any relevant relationships entities have with one another." 
The control relationship within BrickelM is the relationship in which the client, 
represented by his credential (certificate or client name), has control over which 
delegates, represented by their credentials (certificates or distinguished names), can 
access each specific client-controlled resource, how long they can access said 
resource, and the fact that the client can revoke this access to any or all resources or 
delegates at any time (Page 2, Paragraphs 18, 19, and 26-29). 

Applicant argues, with respect to claims 52 and 53, that BrickelM does not 
disclose an access level control module, nor transmitting input received by a client to an 
access le vel control module. The client in BrickelM creates a key for a particular 
delegate to access a particular resource. Then the client splits the key, transmitting a 
portion to the delegate and the other portion to the access level control module (Page 2, 
Paragraphs 18 and 19). The access level control module is the portion of the server 
that regulates access to the resources stored thereon. The access level control module 
checks the table (reference 434 in figure 4) storing access controls for users of the 
system, and determines whether or not the delegate wishing to obtain access to a 
certain resource has an entry in the list specifying that he has the correct access 
permissions to do so (Page 2, Paragraph 22). 

Claim Rejections - 35 USC § 102 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
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only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

3. Claims 16, 18-20, 23-29, 31-33, 52, 53, and 58-61 are rejected under 35 
U.S.C. 102(e) as being anticipated by Brickelll (U.S. Patent Application Publication 
2002/0147917) for the reasons cited in the office action dated 06/01/2005. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claim 17 is rejected under 35 U.S.C. 103(a) as being unpatentable over Brickelll 
in view of Control-FI (Control-FI, "Control-FI Launches CFILive 'Branded, Hosted, 
Rented' eSupport Solution", 7/6/2000, pp. 1, obtained from 
http://web.archive.org/web/20001 121 025300/http://www.control- 

f1 .com/news/pr_cf1 livelaunch.html) for the reasons stated in the office action dated 
06/01/2005. 

5. Claims 21 and 22 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Brickelll in view of Onishi (U.S. Patent Application Publication 2003/0149667) for 
the reasons stated in the office action dated 06/01/2005. 
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6. Claims 30 and 62 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Brickein In view of Chow (U.S. Patent Application Publication 2002/0002678) for 
the reasons stated in the office action dated 06/01/2005. 

7. Claims 1-3, 5-8, 10-14, 19, 20, 23, 24, 30, 54-57, and 62 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Sudia (U.S. Patent Application Publication 
2002/0013898) in view of Zhang (Zhang et al., "A Rule-Based Framework for Role- 
Based Delegation", 5/2001, pp. 153-162). 

Regarding Claim 1, 

Sudia discloses a computer-implemented method for managing 
access to a signing authority, comprising: 

Receiving, from a first user having an authentication credential with 
respect to the signing authority, a message that a second user be granted 
access to the signing authority (Page 15, Paragraph 249); 

Receiving, from the second user, a request to access the signing 
authority (Page 15, Paragraph 250); and 

Responsive to the request from the second user, obtaining the first 
user's authentication credential and granting the second user access to 
the signing authority by providing to the destination, the first user's 
authentication credential (signature), wherein the first user's authentication 
credential is not provided to the second user (Page 15, Paragraph 250). 
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Sudia does not disclose that the signing authority is used as an 
access mechanism for a resource to which the users wish to control 
access, 

Zhang, however, discloses that the signing authority is used as an 
access mechanism for a resource to which the users wish to control 
access (Page 155, Section 3.2.1). It would have been obvious to one of 
ordinary skill in the art at the time of applicant's invention to incorporate 
the role based delegation of Zhang into the certification system of Sudia in 
order to allow strict controls over what types of resources and access 
permissions each user has, using roles. 
Regarding Claim 54, 

Claim 54 is a computer program product claim that corresponds to 
method claim 1 and is rejected for the same reasons. 
Regarding Claim 2, 

Sudia as modified by Zhang discloses the nriethod of claim 1 , in 
addition, Sudia discloses that granting the second user access comprises 
activating a temporary access credential for the second user (Page 15. 
Paragraphs 249-250). 
Regarding Claim 55, 

Claim 55 is a computer program product claim that corresponds to 
method claim 2 and is rejected for the same reasons. 
Regarding Claim 3, 
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Sudia as modified by Zhang discloses the method of claim 1, in 
addition, Sudia discloses that granting the second user access comprises 
creating an entity relationship between an account associated with the 
second user and an account associated with the first user (Page 15, 
Paragraphs 248-250). The account has been previously established when 
the smart card was issued to each the first and second users. 
Regarding Claim 56. 

Claim 56 is a computer program product claim that corresponds to 
method claim 3 and is rejected for the same reasons. 
Regarding Claim 5, 

Sudia as modified by Zhang discloses the method of claim 1, in 
addition, Zhang discloses that the message identifies the second user and 
specifies a level of access for the second user, and wherein granting the 
second user access comprises granting the specified level of access 
(Page 160, Section 4.4.1). 
Regarding Claim 6, 

Sudia as modified by Zhang discloses the method of claim 1, in 
addition, Zhang discloses that the second user belongs to a group of 
users, and the message identifies the group of users to which the second 
user belongs (Page 157, Section 3.3). This group is the group to which 
the second user already belongs before delegation (prerequisite 
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condition). After delegation, the second user is a part of both the 
prerequisite group and the delegated group (possibly others, as well). 

Regarding Claim 7, 

Sudia as modified by Zhang discloses the method of claim 6, in 
addition, Zhang discloses receiving an identifier from the second user, 
identifying the second user as belonging to the group of users (Page 160, 
Section 4.4.1). 

Regarding Claim 8, 

Sudia as modified by Zhang discloses the method of claim 6, in 
addition, Zhang discloses authenticating the second user as belonging to 
the group of users (Page 160, Section 4.4.1). 

Regarding Claim 10, 

Sudia as modified by Zhang discloses the method of claim 1 , in 
addition, Sudia discloses authenticating the second user (Page 15, 
Paragraph 250); and wherein granting the second user access comprises: 
responsive to the request from the second user and responsive to the 
authentication of the second user being successful, granting the second 
user access by providing the first user's authentication credential (Page 
15, Paragraph 250); and Zhang discloses that the access is to a resource 
(Page 155, Section 3.2.1). 

Regarding Claim 57, 
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Claim 57 is a computer program product claim that corresponds to 
method claim 10 and is rejected for the same reasons. 
Regarding Claim 11, 

Sudia as modified by Zhang discloses the method of claim 1 , in 
addition, Zhang discloses that granting the second user access to the 
resource comprises granting the second user a level of access different 
from a level of access available to the first user (Page 157, Section 3,3; 
and Page 160, Section 4.4.1). 
Regarding Claim 12, 

Sudia as modified by Zhang discloses the method of claim 1, in 
addition, Sudia discloses that receiving the message comprises receiving 
the message via a network (Figure 25). 
Regarding Claim 13, 

Sudia as modified by Zhang discloses the method of claim 12, in 
addition, Sudia discloses that receiving the request comprises receiving 
the request via the network (Figure 25). This is the broader network of the 
entire system. 
Regarding Claim 14, 

Sudia as modified by Zhang discloses the method of claim 1 , in 
addition, Sudia discloses that receiving the request comprises receiving 
the request via a second network (Page 4, Paragraph 50). 
Regarding Claim 19, 
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Sudia as modified by Zhang discloses the method of claim 1 , in 
addition, Sudia discloses terminating the second user's access after a 
predetermined time period (Pages 15-16, Paragraphs 249-251). 
Regarding Claim 20, 

Sudia as modified by Zhang discloses the method of claim 19, in 
addition, Sudia discloses that the predetermined time period is selectable 
by the first user (Page 15. Paragraph 249). 
Regarding Claim 23, 

Sudia as modified by Zhang discloses the method of claim 1, in 
addition, Zhang discloses terminating the second user's access to the 
resource in response to a command received from the first user (Pages 
157-159, Section 3.4). 
Regarding Claim 24, 

Sudia as modified by Zhang discloses the method of claim 1, in 
addition, Zhang discloses terminating the second user's access to the 
resource in response to a predetermined event (Pages 157-159, Section 
3.4). 

Regarding Claim 30, 

Sudia as modified by Zhang discloses the method of claim 1, in 
addition, Sudia discloses that the access to the resource by the second 
user is masked so that the resource is unable to distinguish it from access 
by the first user (Page 15, Paragraph 247). 
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Regarding Claim 62, 

Claim 62 is a computer program product claim that corresponds to 
method claim 30 and is rejected for the same reasons. 



8. Claims 34-40 and 43-51 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Sudia in view of Brickell2 (U.S. Patent 6,965,881). 
Regarding Claim 34, 

Sudia discloses a system for granting signing authority access to a 
second user in response to a message from a first user, comprising: 

An authenticator communicatively adapted to receive over a 
network connection authentication credentials of the first and second 
users and adapted to authenticate each user from the authentication 
credentials (Page 15, Paragraph 248); 

An interface for granting the second user access to the signing 
authority by providing the first user's credential to the authenticator for 
authentication, wherein the first user's authentication credential is not 
provided to the second user (Page 15, Paragraph 250); 

But does not disclose an access level control module or that the 
signing authority is used as an access mechanism for a resource to which 
the users wish to control access. 

Brickell2, however, discloses an authenticator communicatively 
adapted to receive over a network connection authentication credentials of 
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the first and second users and adapted to authenticate each user from the 
authentication credentials (Column 2, line 65 to Column 3, line 15); 

An access level control module, communicatively coupled to the 
authenticator, for defining for each user a level of access to a resource for 
the user (Column 2, lines 29-34); 

A resource interface, communicatively coupled to the access level 
control module, for granting the second user access to the resource 
(Column 2, line 65 to Column 3, line 6); and 

That the signing authority is used as an access mechanism for a 
resource to which the users wish to control access (Column 2, lines 1-34). 
It would have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the credential usage reporting of 
Brickell2 into the certification system of Sudia in order to provide a strict 
mechanism by which to control delegate access, as well as to provide 
detailed audit reports that can be used to verify unauthorized access. 
Regarding Claim 35, 

Sudia as modified by Brickell2 discloses the system of Claim 34, in 
addition, Brickell2 discloses that the access control module activates a 
temporary access credential for the second user (Column 2, lines 29-34). 
Regarding Claim 36, 

Sudia as modified by Brickell2 discloses the system of Claim 34, in 
addition, Brickell2 discloses that the access level control module creates 
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an entity relationship between an account associated with the second user 
and an account associated with the first user (Column 2, lines 1-34). 
Regarding Claim 37, 

Sudia discloses a system for granting signing authority access to a 
second user in response to a message from a first user, comprising: 

An access control module, for establishing a control relationship 
between an authentication credential associated with the first user and an 
authentication credential associated with the second user (Page 15, 
Paragraph 249); and 

An interface, coupled to the access control module, for granting the 
second user access to the signing authority, by providing to the 
destination, the first user's authentication credential, wherein the first 
user's authentication credential is not provided to the second user (Page 
15, Paragraph 250); 

But does not disclose that the access control module is an access 
level control module, in which the control relationship allows the first user 
to control at least one parameter of the second user's level of access or 
that the signing authority is used as an access mechanism for a resource 
to which the users wish to control access. 

Brickell2, however, discloses that the access control module is an 
access level control module (Column 2, line 65 to Column 3, line 6), in 
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which the control relationship allows the first user to control at least one 
parameter of the second user's level of access (Column 2, lines 1-34); 

A resource interface, communicatively coupled to the access level 
control module, for granting the second user access to the resource 
(Column 2, line 65 to Column 3, line 6); and 

That the signing authority is used as an access mechanism for a 
resource to which the users wish to control access (Column 2, lines 1-34). 
It would have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the credential usage reporting of 
Brickell2 into the certification system of Sudia in order to provide a strict 
mechanism by which to control delegate access, as well as to provide 
detailed audit reports that can be used to verify unauthorized access. 
Regarding Claim 38, 

Sudia as modified by Brickell2 discloses the systems of claims 34 
and 37, in addition, Sudia discloses that the interface further terminates 
the second user's access to the resource (Page 15, Paragraphs 249-250). 
Regarding Claim 39, 

Sudia as modified by Brickell2 discloses the systems of claims 34 
and 37, in addition, Sudia discloses that the interface further terminates 
the second user's access to the resource after a predetermined time 
period (Page 15, Paragraphs 249-250). 
Regarding Claim 40, 
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Sudia as modified by Brickell2 discloses the system of claim 39, in 
addition, Sudia discloses that the predetermined time period is selectable 
by the first user (Page 15, Paragraphs 249-250). 
Regarding Claim 43, 

Sudia as modified by Brickell2 discloses the systems of claims 34 
and 37, in addition, Brickell2 discloses that the resource interface further 
terminates the second user's access to the resource in response to a 
command received from the first user (Column 3, lines 7-15; and Column 
4, lines 30-42). 
Regarding Claim 44, 

Sudia as modified by Brickell2 discloses the systems of claims 34 
and 37, in addition, Brickell2 discloses that the resource interface further 
terminates the second user's access to the resource in response to a 
predetermined event (Column 3, lines 7-15; and Column 4, lines 30-42). 
This predetermined event is the revocation of the certificate 
Regarding Claim 45, 

Sudia as modified by Brickell2 discloses the systems of claims 34 
and 37, in addition, Brickell2 discloses an output device, coupled to the 
resource interface, for outputting, to the first user, notification of the 
second user's access to the resource (Column 3, line 60 to Column 4, line 
10). 

Regarding Claim 46, 
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Sudia as modified by Brickell2 discloses the systems of claims 34 
and 37. in addition, Brickell2 discloses a storage device, coupled to the 
resource interface, for storing information describing the second user's 
access to the resource (Column 3, line 60 to Column 4, line 10). 

Regarding Claim 47, 

Sudia as modified by Brickell2 discloses the systems of claim 46, in 
addition, Brickell2 discloses that the storage device stores information 
identifying which user accesses the resource (Column 3. line 60 to 
Column 4, line 10). 

Regarding Claim 48, 

Sudia as modified by Brickell2 discloses the systems of claims 34 
and 37, in addition, Sudia discloses that the access to the resource by the 
second user is masked so that the resource is unable to distinguish it from 
access by the first user (Page 15, Paragraph 247). 

Regarding Claim 49, 

Sudia as modified by Brickell2 discloses the systems of claims 34 
and 37, in addition, Brickell2 discloses that the resource comprises at 
least one selected from the group consisting of a data file, a data file 
stored at a server, an application, and data associated with the first user 
(Figure 3). 

Regarding Claim 50, 
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Sudia discloses in a client/server system for granting signing 
authority to a second user in response to a message from a first user 
specifying that the second user be granted the signing authority, a server 
comprising: 

An authenticator, for authenticating each user according to 
authentication credentials (Page 15, Paragraph 250); 

An access control module coupled to the authenticator (Page 15, 
Paragraphs 249-250); and 

An interface, coupled to the access control module, for granting to a 
client operated by the second user access to the signing authority by 
providing the first user's authentication credential, wherein the first user's 
authentication credential is not provided to the second user (Page 15, 
Paragraph 250); 

But does not disclose that the access control module is an access 
level control module, for defining a level of access to the resource for each 
user, or that the signing authority is used as an access mechanism for a 
resource to which the users wish to control access. 

Brickell2, however, discloses an authenticator for authenticating 
each user according to authentication credentials (Column 2, line 65 to 
Column 3, line 15); 

An access level control module, for defining a level of access to the 
resource for each user (Column 2. lines 29-34); 
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A resource interface, coupled to the access level control module for 
granting to a client operated by the second user access to the resource 
(Column 2, line 65 to Column 3, line 6); and 

That the signing authority is used as an access mechanism for a 
resource to which the users wish to control access (Column 2, lines 1-34). 
This combination is the one in which the functionality of the CVS/CSP 
from Brickell2 is performed at the primary user's smart card. It would have 
been obvious to one of ordinary skill in the art at the time of applicant's 
invention to incorporate the credential usage reporting of Brickell2 into the 
certification system of Sudia in order to provide a strict mechanism by 
which to control delegate access, as well as to provide detailed audit 
reports that can be used to verify unauthorized access. 
Regarding Claim 51, 

Sudia discloses in a client/server system for granting resource 
access to a second user in response to a message from a first user 
specifying that the second user be granted signing authority, a server 
comprising: 

An access control module, for establishing a control relationship 
between the first user's authentication credential and the second user's 
authentication credential (Page 15, Paragraph 249); and 

An interface, coupled to the access control module, for granting to a 
client operated by the second user access to the signing authority, by 
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providing to the resource the first user's authentication credential, wherein 
the first user's authentication credential is not provided to the second user 
(Page 15, Paragraph 250); 

But does not disclose that the access control module is an access 
level control module, in which the control relationship allows the first user 
to control at least one parameter of the second user's level of access or 
that the signing authority is used as an access mechanism for a resource 
to which the users wish to control access. 

Brickell2, however, discloses that the access control module is an 
access level control module (Column 2, line 65 to Column 3. line 6), in 
which the control relationship allows the first user to control at least one 
parameter of the second user's level of access (Column 2, lines 1-34); 

A resource interface, coupled to the access level control module, 
for granting the second user access to the resource (Column 2, line 65 to 
Column 3, line 6); and 

That the signing authority is used as an access mechanism for a 
resource to which the users wish to control access (Column 2, lines 1-34). 
This combination is the one in which the functionality of the CVS/CSP 
from Brickell2 is performed at the primary user's smart card. It would have 
been obvious to one of ordinary skill in the art at the time of applicant's 
invention to incorporate the credential usage reporting of Brickell2 into the 
certification system of Sudia in order to provide a strict mechanism by 
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which to control delegate access, as well as to provide detailed audit 
reports that can be used to verify unauthorized access. 



9. Claims 15, 25-29, 32, 33, and 59-61 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Sudia in view of Zhang, further in view of Brickell2. 
Regarding Claim 15, 

Sudia in view of Zhang does not disclose storing in an audit log 
information describing the second user's access to the resource and 
identifying the second user in connection with the access. 

Brickell2, however, discloses storing in an audit log information 
describing the second user's access to the resource and identifying the 
second user in connection with the access (Column 3, line 60 to Column 
4, line 10). It would have been obvious to one of ordinary skill in the art at 
the time of applicant's invention to incorporate the credential usage 
reporting of Brickell2 into the certification system of Sudia as modified by 
Zhang in order to provide a strict mechanism by which to control delegate 
access, as well as to provide detailed audit reports that can be used to 
verify unauthorized access. 
Regarding Claim 25, 

Sudia in view of Zhang does not disclose outputting, to the first 
user, notification of the second user's access to the resource. 
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Brickell2. however, discloses responsive to granting the second 
user access, outputting, to the first user, notification of the second user's 
access to the resource (Column 3, line 60 to Column 4. line 10). It would 
have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the credential usage reporting of 
Brickell2 into the certification system of Sudia as modified by Zhang in 
order to provide a strict mechanism by which to control delegate access, 
as well as to provide detailed audit reports that can be used to verify 
unauthorized access. 

Regarding Claim 26, 

Sudia as modified by Zhang does not disclose storing information 
describing the second user's access to the resource. 

Brickell2, however, discloses responsive to granting the second 
user access, storing information describing the second user's access to 
the resource (Column 3, line 60 to Column 4, line 10). It would have been 
obvious to one of ordinary skill in the art at the time of applicant's invention 
to incorporate the credential usage reporting of Brickell2 into the 
certification system of Sudia as modified by Zhang in order to provide a 
strict mechanism by which to control delegate access, as well as to 
provide detailed audit reports that can be used to verify unauthorized 
access. 

Regarding Claim 59, 
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Claim 59 is a computer program product claim that corresponds to 
method claim 26 and is rejected for the same reasons. 
Regarding Claim 27, 

Sudia as modified by Zhang and Brickell2 discloses the method of 
claim 26, in addition, Brickell2 discloses that storing information comprises 
storing the information in an audit log (Column 3, line 60 to Column 4, line 
10). 

Regarding Claim 28, 

Sudia as modified by Zhang does not disclose storing information 
describing at least one subsequent interaction with the resource. 

Brickell2, however, discloses storing information describing at least 
one subsequent interaction with the resource (Column 3, line 60 to 
Column 4, line 10). It would have been obvious to one of ordinary skill in 
the art at the time of applicant's invention to incorporate the credential 
usage reporting of Brickell2 into the certification system of Sudia as 
modified by Zhang in order to provide a strict mechanism by which to 
control delegate access, as well as to provide detailed audit reports that 
can be used to verify unauthorized access. 

Regarding Claim 60, 

Claim 60 is a computer program product claim that corresponds to 
method claim 28 and is rejected for the same reasons. 

Regarding Claim 29, 
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Sudia as modified by Zhang and Brickell2 discloses the method of 
claim 28, in addition, Brickell2 discloses that storing information 
comprises, for each interaction, storing information identifying which user 
accesses the resource (Column 3, line 60 to Column 4, line 10). 
Regarding Claim 61, 

Claim 61 Is a computer program product claim that corresponds to 
method claim 29 and is rejected for the same reasons. 
Regarding Claim 32, 

Sudia as modified by Zhang does not disclose that the resource 
comprises at least one selected from the group consisting of a data file, a 
data file stored in a server, an application, and data associated with the 
first user. 

Brickell2, however, discloses that the resource comprises at least 
one selected from the group consisting of a data file, a data file stored at a 
server, an application, and data associated with the first user (Figure 3). It 
would have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the credential usage reporting of 
Brickell2 into the certification system of Sudia as modified by Zhang in 
order to provide a strict mechanism by which to control delegate access, 
as well as to provide detailed audit reports that can be used to verify 
unauthorized access. 
Regarding Claim 33, 
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Sudia as modified by Zhang do not disclose that the steps of the 
method are performed by a web-based application. 

Brickell2, however, discloses that the steps of the method are 
performed by a web-based application (Column 2, lines 1-19). It would 
have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the credential usage reporting of 
Brickell2 into the certification system of Sudia as modified by Zhang in 
order to provide a strict mechanism by which to control delegate access, 
as well as to provide detailed audit reports that can be used to verify 
unauthorized access. 

10. Claims 4 and 9 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Sudia in view of Zhang, further in view of Control-FI (Control-FI, "Control-FI Launches 
CFILive 'Branded, Hosted, Rented' eSupport Solution", 7/6/2000, pp. 1, obtained from 
http://web.archive.org/web/20001 121 025300/http://www.control- 
f1 .com/news/pr_cf 1 livelaunch.html). 
Regarding Claim 4, 

Sudia as modified by Zhang does not disclose that the account 
associated with the second user comprises a support representative 
account. 

Control-FI, however, discloses that the account associated with the 
second user comprises a support representative account (Page 1). It 
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would have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the remotely controlled technical 
support system of Control-F1 into the certification system of Sudia as 
modified by Zhang in order to allow a support representative to diagnose 
and fix problems on a user's machine remotely, while the user can go 
about his normal work, thus increasing productivity and decreasing 
support costs. 
Regarding Claim 9, 

Sudia as modified by Zhang does not disclose that the group 
comprises support representatives. 

Control-FI, however, discloses that the group comprises support 
representatives (Page 1). It would have been obvious to one of ordinary 
skill in the art at the time of applicant's invention to incorporate the 
remotely controlled technical support system of Control-F1 into the 
certification system of Sudia as modified by Zhang in order to allow a 
support representative to diagnose and fix problems on a user's machine 
remotely, while the user can go about his normal work, thus increasing 
productivity and decreasing support costs. 

1 1 . Claims 21 and 22 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Sudia in view of Zhang, further in view of Onishi (U.S. Patent Application 
Publication 2003/0149667). 
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Regarding Claim 21, 

Sudia in view of Zhang does not disclose terminating the second 
user's access to the resource after the second user has accessed the 
resource a predetermined number of times. 

Onishi, however, discloses terminating the second user's access to 
the resource after the second user has accessed the resource a 
predetermined number of times (Page 2, Paragraphs 21 and 22). It would 
have been obvious to one of ordinary skill in the art at the time of 
applicant's invention to incorporate the usage counter of Onishi into the 
certification system of Sudia as modified by Zhang in order to allow for a 
pay-per-view type of system in which the second user must pay the first 
user for a preset number of accesses to the resource. 
Regarding Claim 22, 

Sudia as modified by Zhang and Onishi discloses the method of 
claim 21, in addition, Onishi disclose that the predetermined number of 
times is selectable by the first user (Page 2, Paragraphs 21 and 22). 



12. Claims 41 and 42 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Sudia in view of Brickell2, further in view of Onishi. 
Regarding Claim 41, 

Sudia in view of Brickell2 does not disclose that the resource 
interface further terminates the second user's access to the resource after 
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the second user has accessed the resource a predetermined number of 
times. 

Onishi; however, discloses that the resource interface further 
terminates the second user's access to the resource after the second user 
has accessed the resource a predetermined number of times (Page 2, 
Paragraphs 21 and 22). It would have been obvious to one of ordinary 
skill in the art at the time of applicant's invention to incorporate the usage 
counter of Onishi into the certification system of Sudia as modified by 
Zhang in order to allow for a pay-per-view type of system in which the 
second user must pay the first user for a preset number of accesses to the 
resource. 
Regarding Claim 42, 

Sudia in view of Brickell2 and Onishi discloses the system of Claim 
41 , in addition, Onishi discloses that the predetermined number of times is 
selectable by the first user (Page 2, Paragraphs 21 and 22). 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 
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A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jeffrey D. Popham whose telephone number is (571)- 

272- 7215. The examiner can normally be reached on M-F 9:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571)272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 

273- 8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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